Tried extortion to keep intrusion quiet
Last modified on Thursday, 25 September 2008 06:30
Bruce Mengler, a southern California resident, has been charged with stealing customer data from Maserati North America Inc.’s Web site and then trying to extort money from Maserati by threatening to go public with details of how he successfully hacked the site to gain access to the data.
Mengler was charged with five federal charges in the U.S. District Court for the Southern District of California, including extortion and illegal access to a protected computer. Mengler is accused of accessing Maserati North America customer information by using an automated program to guess PINs that the company provided potential customers for logging into a promotional company Web site.
Once Mengler’s program successfully identified a PIN, he would allegedly use it to log into the Web site and then download the customer data associated with that PIN, which was usually the customer’s name and address.
Mengler’s next move was to attempt to extort funds from Maserati North America in exchange for his not revealing the data breach and information he had mined from the Web site of customers in the San Diego area, according to the pleadings filed with the court. Mengler sent Emails to Maserati’s headquarters in New Jersey, threatening to reveal the lack of security and breach of privacy on the Web site.
Prosecutors alleged that Mengler’s Emails included messages such as, "Would you like this lack of security & privacy to become public knowledge? If you would like to buy my silence, make me an offer I can't refuse."
Mengler also boasted that he had obtained more than 2,600 customer records and threatened to make that information available to Maserati’s competitors, as well as publicize the security breach. "What dollar amount is each name worth to Maserati to not be released to the public?" Mengler asked in one of his messages, according to the court filings.